Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/cert-manager/istio-csr

istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.
https://github.com/cert-manager/istio-csr

Merge pull request #171 from JoshVanL/test-e2e-carotation-kubectl-wait-timeout

Increase the kubectl wait timeout for the e2e test carotation setup scripts

e10fdcf388e96d12a3f6eaac1c7d5cc994e0369d authored over 2 years ago by jetstack-bot <[email protected]>
Merge pull request #167 from nitishkrishna/use_4096_bits_in_certs

Increase bits to 4096 for more security

9d03ddb6b7c053784fa98fca10004956abf1babc authored over 2 years ago by jetstack-bot <[email protected]>
Fix test failures - 2

Signed-off-by: Nitish Krishna Kaveri <[email protected]>

73f7231e95dae9c3f7a011e468bcce4fedb2ab34 authored over 2 years ago by Nitish Krishna Kaveri <[email protected]>
Fix test failures

Signed-off-by: Nitish Krishna Kaveri <[email protected]>

818f8c8491248e5099fc976ae0982d141b27dca3 authored over 2 years ago by Nitish Krishna Kaveri <[email protected]>
Merge pull request #170 from nitishkrishna/use_updated_chart_api_version

Use updated helm chart apiVersion for helm v3 support

14f6f133db64b2869cb6b0984b06aeb1d03d38e0 authored over 2 years ago by jetstack-bot <[email protected]>
Increase the kubectl wait timeout for the e2e test carotation setup

scripts from the default 30s to 180s to accommodate resouce constrained
CI systems.

Signed-off-b...

910abcfa8af149f92e01977613d868c931aa2924 authored over 2 years ago by joshvanl <[email protected]>
go mod tidy

Signed-off-by: joshvanl <[email protected]>

e8023d2ada3ddd8859a444110c74658fa53250e3 authored over 2 years ago by joshvanl <[email protected]>
Updates versions in go.mod

Signed-off-by: joshvanl <[email protected]>

3868477a5a19bfd972fd8743d208599097fd46bb authored over 2 years ago by joshvanl <[email protected]>
Updates imports of `jetstack/cert-manager` to

`cert-manager/cert-manager`

Signed-off-by: joshvanl <[email protected]>

f4a9832f1b48fd4ccc7120881978f9bc73825c8d authored over 2 years ago by joshvanl <[email protected]>
Use updated helm chart apiVersion for helm v3 support

Signed-off-by: Nitish Krishna Kaveri <[email protected]>

08f51de1e5c50cc65c5cf7bd256ebf1ea17908c3 authored over 2 years ago by Nitish Krishna Kaveri <[email protected]>
Review comments + Docs

Signed-off-by: Nitish Krishna Kaveri <[email protected]>

df8938e99b2d712a4af22b35baae3f1544032c18 authored over 2 years ago by Nitish Krishna Kaveri <[email protected]>
Merge pull request #163 from JoshVanL/new-hack-tool-go-mod

Create `go.mod` in `hack/tools`

8a84ad72a90ea4a988190165cb6f9e8a7cb3df0f authored over 2 years ago by jetstack-bot <[email protected]>
Remove istio config manifests in /hack for istio versions v1.7 to v1.9

Signed-off-by: joshvanl <[email protected]>

abb0c140254e6b1170d0ffacd6d7edadf150dcca authored over 2 years ago by joshvanl <[email protected]>
Review comments - don't hardcode size

Signed-off-by: Nitish Krishna Kaveri <[email protected]>

5349f33c4ffb42503f8b3a54fdf1678b92ad3d98 authored over 2 years ago by Nitish Krishna Kaveri <[email protected]>
Increase bits to 4096 for more security

Signed-off-by: Nitish Krishna Kaveri <[email protected]>

d709394e79678dfb427b59be0fd20e5993be6cf8 authored over 2 years ago by Nitish Krishna Kaveri <[email protected]>
Merge pull request #165 from JoshVanL/e2e-test-token-request

Use a TokenRequest in token authentication tests

63af6569961d55bc0d3432fee784ba06980b5939 authored over 2 years ago by jetstack-bot <[email protected]>
Use a TokenRequest in token authentication tests, since Secrets now no

longer hold ServiceAccount tokens (:D)

Signed-off-by: joshvanl <[email protected]>

c96bcdc4eec6ee16ee08b9cbc964125dc5cac3e7 authored over 2 years ago by joshvanl <[email protected]>
Correctly build the helm binary

Signed-off-by: joshvanl <[email protected]>

968d3fcb69d9e1b31bd51015fd3c12ead058902e authored over 2 years ago by joshvanl <[email protected]>
Creates a separate go.mod in `hack/tools` to track versions there. Also

replaces `/bin/bash` with `/usr/bin/env bash`

Signed-off-by: joshvanl <[email protected]>

5ddda8d48dc9683cefff202dfa5a8a1db870606c authored over 2 years ago by joshvanl <[email protected]>
Merge pull request #150 from JoshVanL/verify-helm-docs

Adds verify-helm-docs.sh and update-helm-docs.sh scripts. Verify helm-docs during lint

75188e8aad1462966ee2b7da194dde5002647341 authored over 2 years ago by jetstack-bot <[email protected]>
Adds verify-helm-docs.sh and update-helm-docs.sh scripts. Verify

helm-docs during lint

Signed-off-by: joshvanl <[email protected]>

b922f4a0329bbb52ea15c6c8e5e39c0fbd0ece6c authored over 2 years ago by joshvanl <[email protected]>
Updates the helm docs

Signed-off-by: joshvanl <[email protected]>

a925c273fd3ce1a8a103241eab93df52277563af authored over 2 years ago by joshvanl <[email protected]>
Update all scripts with `/bin/bash` -> `/usr/bin/env bash`

Signed-off-by: joshvanl <[email protected]>

921d0482894f1720d1f5b5acba56cc654df48316 authored over 2 years ago by joshvanl <[email protected]>
Merge pull request #162 from JoshVanL/istio-hack-config-1.14.1

Adds hack config for istio v1.14.1 and changes default istio test version to v1.14.1

5653676e6af455bfe15f42a3ac76c9362b03e74e authored over 2 years ago by jetstack-bot <[email protected]>
Add correct `.yaml` suffix to istio-config 1.14.1 file

Signed-off-by: joshvanl <[email protected]>

eaf45a0fc4e1a1747aeaa6465a6db27e607893b1 authored over 2 years ago by joshvanl <[email protected]>
Merge pull request #160 from JoshVanL/docs-move-to-cert-manager.io

Removes docs from repo in favour of using cert-manager.io

34adba25c27cc9134ab988b424092395f9205d42 authored over 2 years ago by jetstack-bot <[email protected]>
Adds hack config for istio v1.14.1 and changes default istio test

version to this version

Signed-off-by: joshvanl <[email protected]>

4c067984b6dd5dc6aeadc1142808a3d12fc90029 authored over 2 years ago by joshvanl <[email protected]>
Merge pull request #158 from jahrlin/main

upgrade istio, cert-manager, helm

4200304ed29471f4bde2c499da7e60614e69efeb authored over 2 years ago by jetstack-bot <[email protected]>
Merge pull request #154 from acquia/conditional-cert

Make cert install controllable in helm

b60d660dabb547e5c44d85563b4d41c884f1311f authored over 2 years ago by jetstack-bot <[email protected]>
Removes docs from repo in favour of using cert-manager.io

Signed-off-by: joshvanl <[email protected]>

e81ffa4b806a037288434a88955d474f463de7d7 authored over 2 years ago by joshvanl <[email protected]>
Merge pull request #159 from SgtCoDFish/logo

Update to smaller logo

cae92998817231f3304e457873d8f1451aabaf02 authored over 2 years ago by jetstack-bot <[email protected]>
update to smaller logo

Signed-off-by: Ashley Davis <[email protected]>

4e74f19d688d59379933349fb438e9fa91099826 authored over 2 years ago by Ashley Davis <[email protected]>
upgrade to cert-manager v1.8

Signed-off-by: Joakim Ahrlin <[email protected]>

baf47368bc222971a6c23b89eb75143aba2143ad authored over 2 years ago by Joakim Ahrlin <[email protected]>
upgrade to Istio v1.13.4

Signed-off-by: Joakim Ahrlin <[email protected]>

9fa69095ebe46e6aa7cf399e10d7e32c37789376 authored over 2 years ago by Joakim Ahrlin <[email protected]>
use helm v3.6.0 for arm64 darwin image

Signed-off-by: Joakim Ahrlin <[email protected]>

7168972748fc4a9eb621d452b8c27b4f7fc1f89b authored over 2 years ago by Joakim Ahrlin <[email protected]>
Update deploy/charts/istio-csr/README.md

Co-authored-by: Josh van Leeuwen <[email protected]>

Signed-off-by: Marc Ingram <ma...

c7b731fa9f7c0a9239958ed666711f5043b0065d authored over 2 years ago by Marc Ingram <[email protected]>
Update deploy/charts/istio-csr/templates/certificate.yaml

Co-authored-by: Josh van Leeuwen <[email protected]>

Signed-off-by: Marc Ingram <ma...

73688699e38e5ae3e77a2d0863e77b06e1a3cdb7 authored over 2 years ago by Marc Ingram <[email protected]>
Update deploy/charts/istio-csr/values.yaml

Co-authored-by: Josh van Leeuwen <[email protected]>

Signed-off-by: Marc Ingram <ma...

5346695c35ca52ba41fed44b7378e024a0d5468e authored over 2 years ago by Marc Ingram <[email protected]>
Make cert install controlable in helm

Signed-off-by: Marc Ingram <[email protected]>

5c4d419eceb61906b1b1f5a627e9f0513d1aeb2a authored over 2 years ago by Marc Ingram <[email protected]>
Merge pull request #148 from grem11n/node-affinity-helm

Add an ability to select nodes for istio-csr

938eb82ca9ac581ccb4eef29c8282542358f0dfa authored over 2 years ago by jetstack-bot <[email protected]>
Add an ability to select nodes for istio-csr

Signed-off-by: Yurii Rochniak <[email protected]>

55e616355083b3bccea3f213569c1e82a25ba687 authored over 2 years ago by Yurii Rochniak <[email protected]>
Merge pull request #147 from SgtCoDFish/logo

update logo link + dimensions

413aa30e49c0ea4a9a25c0963a71a4bd25f21077 authored over 2 years ago by jetstack-bot <[email protected]>
update logo link + dimensions

Signed-off-by: Ashley Davis <[email protected]>

092899b2eb67662e0ab75d7d96932c5519b368c3 authored over 2 years ago by Ashley Davis <[email protected]>
Merge pull request #143 from JoshVanL/warning-preserve-certificate-requests-logging

Adds log warning output when preserve certificate request is enabled

36e182aa1bbaed86d15842adbef487b46ea29377 authored almost 3 years ago by jetstack-bot <[email protected]>
Adds log warning output when preserve certificate request is enabled

Signed-off-by: joshvanl <[email protected]>

73fe3146b8618c4b3e168f7e20bcbb46ac9450bf authored almost 3 years ago by joshvanl <[email protected]>
Merge pull request #142 from JoshVanL/warning-preserve-certificate-requests

Adds warning message for `preserveCertificateRequests` and resource consumption

69a42f9ad0a8b7a38bbe023dfddf97d4fea8cca5 authored almost 3 years ago by jetstack-bot <[email protected]>
Updates the helm docs and bumps version for values file comment changes

Signed-off-by: joshvanl <[email protected]>

06823a7b876420f36a013f4b43163cfaeb05acba authored almost 3 years ago by joshvanl <[email protected]>
Adds warning message to `preserveCertificateRequests` elsewhere it

appears in the project.

Signed-off-by: joshvanl <[email protected]>

d1eb6bb1edb31b87164f3fa35d38ac1efd729cb5 authored almost 3 years ago by joshvanl <[email protected]>
Adds warning message for `preserveCertificateRequests` and resource

consumption

Signed-off-by: joshvanl <[email protected]>

a5cce0e7eb5ccddf16365b41fa6f0418a6d566ab authored almost 3 years ago by joshvanl <[email protected]>
Merge pull request #140 from JoshVanL/bump-isito-kube-controller-runtime

Bumps istio, kube, controller-runtime Go modules

94eef9ef4bbe0b3b63b8b7008980d144b72b3b1d authored almost 3 years ago by jetstack-bot <[email protected]>
Bumps istio, kube, controller-runtime Go modules

Signed-off-by: joshvanl <[email protected]>

1f389d4d775f1a45e01f261f809a1f8d39e91895 authored almost 3 years ago by joshvanl <[email protected]>
Merge pull request #139 from JoshVanL/image-tags-v0.4.0

Update image tags and target version to v0.4.0

b09593037156548ca402035d1bbe33b13d16e974 authored almost 3 years ago by jetstack-bot <[email protected]>
Update image tags and target version to v0.4.0

Signed-off-by: joshvanl <[email protected]>

29deedee32265e24ce263caaf42ec53edacbd660 authored almost 3 years ago by joshvanl <[email protected]>
Merge pull request #134 from JoshVanL/go-mod-istio-v1.13

Updates istio to v1.13. Kube to v1.23. cert-manager to v1.7

2087de98fcd607f028f3c2e9c4564f8fd640bb66 authored almost 3 years ago by jetstack-bot <[email protected]>
Merge pull request #135 from JoshVanL/hack-istio-1-13

Adds configs for istio 1.12.2 1.13.1 - Makes 1.13 default

0bfa0fcc1e6a4c2477f31e0ab94173c8b779ad26 authored almost 3 years ago by jetstack-bot <[email protected]>
Updates istio version v1.13.0 to v1.13.1 for config and deployed test

versions

Signed-off-by: joshvanl <[email protected]>

be9065745d09be7097bd4f823cbb6a74e9d5ec93 authored almost 3 years ago by joshvanl <[email protected]>
Set correct istioctl version for integration. Update cert-manager v1.7.0

-> v1.7.1

Signed-off-by: joshvanl <[email protected]>

60b9c4ca33c95bdec35311c1d5a0fcb2b849ffc1 authored almost 3 years ago by joshvanl <[email protected]>
Adds configs for istio 1.12.2 1.13.0 - Makes 1.13 default

Signed-off-by: joshvanl <[email protected]>

109c49749df69f5946e927bf1a044c9256f85c35 authored almost 3 years ago by joshvanl <[email protected]>
Merge pull request #128 from wallrj/cert-manager-1.7

Test with cert-manager 1.7

e1b50c1bb54ffbd240751a0506f2eee588a0ba80 authored almost 3 years ago by jetstack-bot <[email protected]>
Updates istio to v1.13. Kube to v1.23. cert-manager to v1.7

Signed-off-by: joshvanl <[email protected]>

45c8bd1528a9acd33ce48baf9fe27b6dff1d7ad6 authored almost 3 years ago by joshvanl <[email protected]>
Install cert-manager 1.7

Signed-off-by: Richard Wall <[email protected]>

2a968233dc02044320a1a3e5011c2f13944033dd authored almost 3 years ago by Richard Wall <[email protected]>
Merge pull request #126 from alandiegosantos/new_parameter

Allow filtering namespaces to create the ConfigMap istio-ca-root-cert

43131ddc7a9d13c86ff21a98b6c55e45c160fec5 authored almost 3 years ago by jetstack-bot <[email protected]>
Rename namespaceSelector option to configMapNamespaceSelector

Signed-off-by: Alan Diego dos Santos <[email protected]>

f8d2b33b842ca92448d1ee3e36c6a937efbbd3d1 authored almost 3 years ago by Alan Diego dos Santos <[email protected]>
Merge pull request #127 from alandiegosantos/adiegodossan/fixed_hardcoded_path

Fixed hard-coded namespace on eventsBroadcaster

895e7497a417a4ab579b00e6455b546a0a31bba0 authored almost 3 years ago by jetstack-bot <[email protected]>
Merge pull request #124 from hawksight/getting_started_validation

docs: Add validation steps to getting started guide

a059c14e9557023e74b4d5b1c44e2a950c32e374 authored almost 3 years ago by jetstack-bot <[email protected]>
Parse the selector inside the controller code

Signed-off-by: Alan Diego dos Santos <[email protected]>

1ba43756bf78ab2b6e3c35382e1b5598065361b3 authored almost 3 years ago by Alan Diego dos Santos <[email protected]>
Fixed hard-coded namespace on eventsBroadcaster

The hard-coded namespace name caused some issues for users using different namespaces names.

Si...

bb14e9ecb295f36f44f500fb4782a0653d972e8c authored almost 3 years ago by Alan Diego dos Santos <[email protected]>
Allow filtering namespaces to create the ConfigMap istio-ca-root-cert

This MR adds a parameter to filter namespaces in which the ConfigMap istio-ca-root-cert is creat...

5d6b8e6c71069164b2de56fbcd05907de4fd174b authored almost 3 years ago by Alan Diego dos Santos <[email protected]>
docs: Add validation steps to getting started guide

I found it difficult to determine if my setup was correct. After some learning I decided to add ...

e9efdd7b160e64c30e9f2a19fd9ed423945c036f authored almost 3 years ago by Peter Fiddes <[email protected]>
Merge pull request #121 from mvaal/fix-getting_started-doc

istio-config-getting-started.yaml path fixed

70af8533e3bed88ec3f6fe46e5aa363feb23488b authored almost 3 years ago by jetstack-bot <[email protected]>
istio-config-getting-started.yaml path fixed

istio-config-getting_started.yaml was changed to istio-config-getting-started.yaml and not updat...

fa769771da5ec6daf83126946aaa9c7504c9007d authored almost 3 years ago by Marcus Vaal <[email protected]>
Merge pull request #116 from SgtCoDFish/readmerewrite

Move "getting started" to entirely new document

2a23a6c02e560b056e56315e42a3dcc8c4cfdb76 authored about 3 years ago by jetstack-bot <[email protected]>
Move getting started to entirely new document

The current instructions have several pain points which can lead to a
failed deployment which in...

ca00f545ef688a28c131a7f1d7f5c0d84b7e5620 authored about 3 years ago by Ashley Davis <[email protected]>
Update maintainers + description in helm chart

Not worth doing a release for but it's worth changing this now

Signed-off-by: Ashley Davis <ash...

77f454ac57c964486ce05512f7ff09fc61cf3093 authored about 3 years ago by Ashley Davis <[email protected]>
fix broken HTML at top of readme and add artifacthub badge

Signed-off-by: Ashley Davis <[email protected]>

9a0c5df4c0d33c29316c0ecc0c7cb145cf55349e authored about 3 years ago by Ashley Davis <[email protected]>
Merge pull request #111 from JoshVanL/istio-v1.11.4

Adds config for istio v1.11.4, sets default istio version to v1.11.4

5be99258ad5c44e3cf0225607670fd3f1a9b986d authored about 3 years ago by jetstack-bot <[email protected]>
A service isn't a requirement for the servicemonitor

We shouldn't enforce the creation of the metrics service for the servicemonitor. The servicemoni...

fcc422020f700886d2c6c18c815e23c0ebf2e5b6 authored about 3 years ago by Mattias Gees <[email protected]>
Adds config for istio v1.11.4, sets default istio version to v1.11.4

Signed-off-by: joshvanl <[email protected]>

6e13499f00187e4c1134193463d107d1d72100f8 authored about 3 years ago by joshvanl <[email protected]>
Merge pull request #110 from Marks-Ed/main

Variablise istiod certificate renewBefore

ed48ecf4d305f0f970685bde1d23481ab0dc6940 authored about 3 years ago by jetstack-bot <[email protected]>
Variablise istiod certificate renewBefore

Signed-off-by: Ed Marks <[email protected]>

5679a083c61497a88efc8846bc57822b47615f80 authored about 3 years ago by Ed Marks <[email protected]>
Merge pull request #109 from irbekrm/catch_closed_channel

Ensure that closed watch is dropped

52b9987583062b325e9124af39ccf6d45aeb152b authored about 3 years ago by jetstack-bot <[email protected]>
Ensure that closed watch is dropped

Signed-off-by: irbekrm <[email protected]>

c5146bac2e71efbb892df9e5ad00da4b025d093d authored about 3 years ago by irbekrm <[email protected]>
Merge pull request #104 from JoshVanL/update-README-TOFU

Update the wording around "TOFU" to not confuse users, and give a better explanation.

78dec578c89e01f3d3e17c450a9c69324f7048e8 authored over 3 years ago by jetstack-bot <[email protected]>
Spelling: venerable -> vulnerable

Signed-off-by: joshvanl <[email protected]>

262a74bd1c13b3e7ef81e623ae6fc60d23111baa authored over 3 years ago by joshvanl <[email protected]>
Update the wording around "TOFU" to not confuse users, and give a better

explanation.

Signed-off-by: joshvanl <[email protected]>

c6d0c0e8b848ba71fe6d603e787d6f864e2f626e authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #102 from JoshVanL/tags-v0.3.0

Update image tags and chart version to v0.3.0

ff21cae634498bb5e3cdf54908f9082b186e6b19 authored over 3 years ago by jetstack-bot <[email protected]>
Merge pull request #101 from JoshVanL/update-docs

Update README.md

1246f5f0cb1f8119ad3ce0ddb835adb587019fde authored over 3 years ago by jetstack-bot <[email protected]>
Adds review comment suggestions

Signed-off-by: joshvanl <[email protected]>

9021c81508b9cd97877e30934173dda0760de896 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #100 from JoshVanL/root-ca-file-watcher

Root CA file watcher

b23654fd42dc4b1854220c412e81afb549fe4ee1 authored over 3 years ago by jetstack-bot <[email protected]>
Update image tags and chart version to v0.3.0

Signed-off-by: joshvanl <[email protected]>

fc8f51b685bcb74b31997a96d438c532e0a580ac authored over 3 years ago by joshvanl <[email protected]>
Update README.md to warn about not using statically defined CA

certificates

Signed-off-by: joshvanl <[email protected]>

ba3ae5d1371c4a2211042b7e1f9bc06a6291b994 authored over 3 years ago by joshvanl <[email protected]>
Uses fsnotify for root CA watcher

Signed-off-by: joshvanl <[email protected]>

23a7b39231312174ded2556a8c42cc2c6fb18eed authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #98 from JoshVanL/controller-runtime-signal-handler

Change context root to use controller-runtime signal handler

27cb19b8924898b046429628d6e4829c83d833b3 authored over 3 years ago by jetstack-bot <[email protected]>
Adds rootca package which will watch and load the CA certificates when

as they change over time.

Signed-off-by: joshvanl <[email protected]>

5c4d03028dfae232c55943c967445fdff4015390 authored over 3 years ago by joshvanl <[email protected]>
Bubble up the root CA update broadcast to the tls and controller

Signed-off-by: joshvanl <[email protected]>

7d90e6866034e1cab11d75cf4d5c0f3341d66080 authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #99 from JoshVanL/test-ca-rotation

Test CA Rotation

d14e682cfe013dc63f105b0d7f72f9d157f6538c authored over 3 years ago by jetstack-bot <[email protected]>
Use golang implementation of jq to use in carotation tests

Signed-off-by: joshvanl <[email protected]>

fa4add247c18bf328b1a9d143a29a1804ae7dd2b authored over 3 years ago by joshvanl <[email protected]>
Merge pull request #95 from JoshVanL/certificate-request-watch-channel-nil

Ensure that the watcher returns a non-nil object before decoding

672e8763ef6779b02445bb54706d6b69d9c1a653 authored over 3 years ago by jetstack-bot <[email protected]>
Adds TRAP to the main carotation run.sh script

Signed-off-by: joshvanl <[email protected]>

d523eedecc209f6b624227d4ad1382fad555e137 authored over 3 years ago by joshvanl <[email protected]>
Adds tests for ca rotation

Signed-off-by: joshvanl <[email protected]>

629d3852363639619f15cdc412ce1844930cbc17 authored over 3 years ago by joshvanl <[email protected]>